ZSPACE Z4Pro+ Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A command injection vulnerability has been identified in the ZSPACE Z4Pro+ NAS device running firmware version 1.0.0440024. The issue arises in the HTTP POST request handler for the '/v2/file/safe/close' endpoint, which invokes the 'zfilev2_api_CloseSafe' function. The flaw allows remote attackers to inject and execute arbitrary commands on the affected device, with the potential to gain root privileges and full control over the NAS.

Impact

Exploitation of this vulnerability leads to remote command execution on the affected device, with the attacker gaining root privileges.

Reproduction

To reproduce this vulnerability, send a POST request to the '/v2/file/safe/close' endpoint with a 'safe_dir' parameter whose value carries a crafted payload. The injected command contained in that value is executed on the device.
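As an added example that is not part of the original advisory, the check below flags POST requests to the '/v2/file/safe/close' endpoint whose 'safe_dir' value contains shell metacharacters or fails a strict path allowlist, the condition a WAF rule or log review for this issue would look for. The log line format, client addresses and request bodies are constructed for the example.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs

# Characters a POSIX shell interprets; a directory argument handed to the
# safe-close handler has no legitimate reason to contain any of them.
SHELL_META = re.compile(r'[;&|`$(){}<>\n\\]')

# Constructed log format for this example: <client> "<METHOD> <path>" body="<form body>"
LOG_LINE = re.compile(r'^(\S+) "(\w+) (\S+)" body="(.*)"$')

def safe_dir_is_clean(value: str) -> bool:
    """Allowlist: absolute path of plain path characters, no parent-directory components."""
    return bool(re.fullmatch(r'/[A-Za-z0-9_./-]*', value)) and '..' not in value

def extract_safe_dir(body: str) -> Optional[str]:
    """Return the percent-decoded 'safe_dir' field of a form-encoded body, if present."""
    return parse_qs(body).get('safe_dir', [None])[0]

def is_suspicious_request(method: str, path: str, body: str) -> bool:
    """True for a POST to the vulnerable endpoint whose safe_dir contains shell
    metacharacters or does not pass the allowlist."""
    if method != 'POST' or path != '/v2/file/safe/close':
        return False
    safe_dir = extract_safe_dir(body)
    if safe_dir is None:
        return False
    return bool(SHELL_META.search(safe_dir)) or not safe_dir_is_clean(safe_dir)

def scan_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client, decoded safe_dir) for every suspicious request in the log."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        client, method, path, body = match.groups()
        if is_suspicious_request(method, path, body):
            hits.append((client, extract_safe_dir(body)))
    return hits

# Constructed sample traffic: a normal close, one with a ';' appended to the
# directory name, and a request to the same path with the wrong method.
SAMPLE_LOG = [
    '10.0.0.7 "POST /v2/file/safe/close" body="safe_dir=%2Fmnt%2Fsafe"',
    '10.0.0.9 "POST /v2/file/safe/close" body="safe_dir=%2Fmnt%2Fsafe%3Bid"',
    '10.0.0.7 "GET /v2/file/safe/close" body=""',
]
```

Running `scan_log(SAMPLE_LOG)` returns only the second request; the same allowlist in `safe_dir_is_clean` is the kind of server-side validation that would close the issue at the handler.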

Added: Dec 28, 2025, 11:17 AM
Updated: Dec 28, 2025, 11:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 1.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.